Techini / vulnado

Purposely vulnerable Java application to help lead secure coding workshops
Apache License 2.0

Bump spring-boot-starter-parent from 2.1.2.RELEASE to 2.3.5.RELEASE #89

Closed dependabot-preview[bot] closed 4 years ago

dependabot-preview[bot] commented 4 years ago

Bumps spring-boot-starter-parent from 2.1.2.RELEASE to 2.3.5.RELEASE.

Release notes

Sourced from spring-boot-starter-parent's releases.

v2.3.5.RELEASE

:beetle: Bug Fixes

  • Configuration property annotation processor does not notice overriding getter methods #23969
  • Incremental compilation does not keep metadata for inner classes #23959
  • HttpEncodingAutoConfiguration is not added to the WebMvcTest slice #23813
  • Jar entries are duplicated in BOOT-INF/lib with layered jars and Maven #23801
  • server.servlet.session.timeout not in effect when using Jetty starter without jakarta.annotation and javax.annotation #23750
  • If the JVM is killed while refresh is in progress, the shutdown hook does not close the context #23743
  • Setting server.undertow.eager-filter-init has no effect #23676
  • @ConfigurationPropertiesBinding does not apply Formatter beans #23614
  • H2 Console error with AbstractRoutingDataSource #23569
  • When using embedded Jetty, an error response to a HEAD request has a body #23555
  • Custom layer definition does not pick up snapshots #23533
  • BootJar.getConfigurations() should not be public API #23527
  • Dependency management for Netty tcNative does not include its netty-tcnative module #23508
  • PropertiesLauncher requires spring-core on the classpath #23500
  • Log4j's tag library doesn't work out of the box as log4j-*.jar is skipped by default #23481
  • Unexpected application context cache hit when testing with SpringBootTest webEnvironment MOCK and DEFINED_PORT #23477
  • Log4j2 configuration is not picking up some properties #23428
  • Flyway configuration ignores init-sqls when using spring.datasource.* properties #23408
  • Wildcard locations for configs causes files to be parsed multiple times on k8s #23160
  • Datasource initialisation with JPA schema configured in deferred mode happens asynchronously #22852
  • Maven plugin build-image creator step fails in Bitbucket pipelines #22840

:notebook_with_decorative_cover: Documentation

  • Remove version elements from Maven plugin documentation #23930
  • Document how to enable h2c via programmatic configuration #23812
  • Note that using LiveReload requires Devtools restart to be enabled #23764
  • Add upgrading section to reference docs with a link to the wiki #23611
  • Add example of setting system property in gradle bootRun #23598
  • Update configuration metadata appendix to remove description for Gradle 4.5 and earlier as it is no longer supported #23567
  • Fix typos in reference documentation and contributing guidelines #23561
  • Fix link to Log4j's JDK Logging Adapter in reference documentation #23461
  • Revisit hint on using classpath* for retrieving templates #23452
  • Document support for Java 15 #23448
  • Note the Kt class name suffix when describing how to configure a Kotlin application's main class name #23422
  • Add anchor links to section headers in Gradle and Maven plugin reference docs #23406
  • Document how JAVA_OPTS can be used with the buildpack #21582
  • Maven layers documentation is incomplete #21555
  • Document how to override attributes already specified in Maven plugin configuration #21536
  • Add example of default Cloud Native Buildpacks Builder #19967

:hammer: Dependency Upgrades

  • Upgrade to Byte Buddy 1.10.17 #23865
  • Upgrade to Caffeine 2.8.6 #23866
  • Upgrade to Couchbase Client 3.0.9 #23867
  • Upgrade to Dropwizard Metrics 4.1.14 #23868

Commits

  • a6ed3be Release v2.3.5.RELEASE
  • 33d66b7 Fix to spring-doc-resources version
  • b0c2687 Update copyright year of changed files
  • 2992f40 Upgrade to spring-doc-resources 0.2.3.RELEASE
  • 70d9602 Merge branch '2.2.x' into 2.3.x
  • e7eb773 Use overriding rather than overridden getter methods in config prop AP
  • eb77a20 Merge branch '2.2.x' into 2.3.x
  • 79a8335 Next development version (v2.2.12.BUILD-SNAPSHOT)
  • cc3c898 Upgrade to github-changelog-generator 0.0.4
  • 3b899ee Merge branch '2.1.x' into 2.2.x
  • Additional commits viewable in compare view


Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.


Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

  • `@dependabot rebase` will rebase this PR
  • `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it
  • `@dependabot merge` will merge this PR after your CI passes on it
  • `@dependabot squash and merge` will squash and merge this PR after your CI passes on it
  • `@dependabot cancel merge` will cancel a previously requested merge and block automerging
  • `@dependabot reopen` will reopen this PR if it is closed
  • `@dependabot close` will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
  • `@dependabot ignore this major version` will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
  • `@dependabot ignore this minor version` will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
  • `@dependabot ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)
  • `@dependabot use these labels` will set the current labels as the default for future PRs for this repo and language
  • `@dependabot use these reviewers` will set the current reviewers as the default for future PRs for this repo and language
  • `@dependabot use these assignees` will set the current assignees as the default for future PRs for this repo and language
  • `@dependabot use this milestone` will set the current milestone as the default for future PRs for this repo and language
  • `@dependabot badge me` will comment on this PR with code to add a "Dependabot enabled" badge to your readme

Additionally, you can set the following in your Dependabot [dashboard](https://app.dependabot.com):

  • Update frequency (including time of day and day of week)
  • Pull request limits (per update run and/or open at any time)
  • Out-of-range updates (receive only lockfile updates, if desired)
  • Security updates (receive only security updates, if desired)

sonarcloud[bot] commented 4 years ago

Kudos, SonarCloud Quality Gate passed!

  • 0 Bugs (rating A)
  • 0 Vulnerabilities (rating A) and 0 Security Hotspots to review
  • 0 Code Smells (rating A)
  • No Coverage information
  • 0.0% Duplication

dependabot-preview[bot] commented 4 years ago

Superseded by #90.